<?php
/**
 * --------------------------------------------------------------------
 * 后台公共类
 * --------------------------------------------------------------------
 * @author  杨云洲,  yangyunzhou@foxmail.com
 * --------------------------------------------------------------------
 * @copyright  Midnight Studio
 * --------------------------------------------------------------------
 */
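class PublicAction extends PublicBaseAction {

	/**
	 * Back-office user login.
	 *
	 * On a form POST carrying a valid token: validates the captcha and the
	 * required fields, looks the account up in the Member model, records the
	 * admin state, stores the user id under the USER_AUTH_KEY session key and
	 * redirects. On any other request it clears the admin state and renders
	 * the login template.
	 */
	public function login() {
		if($this->isFormPost() && $this->isValidToken()) {
			// Captcha and required-field checks. This relies on error() ending
			// the request -- confirm in PublicBaseAction.
			$this->check_login_form();

			// Normalise the credentials. The string casts keep array-valued
			// request parameters out of the query conditions below.
			$name     = strtolower(trim((string) $_POST['username']));
			// NOTE(review): unsalted MD5 over a lower-cased password is weak
			// against offline guessing and discards case entropy. Moving to
			// password_hash()/password_verify() needs a stored-hash migration,
			// so the existing scheme is kept here unchanged.
			$password = md5(strtolower(trim((string) $_POST['password'])));

			// Look the account up. Array conditions let the framework quote the
			// values; the previous version interpolated $name straight into the
			// WHERE string, which allowed SQL injection through the user name.
			$db = D('Member');
			$val = $db->where(array(
				'name'     => $name,
				'password' => $password,
				'state'    => '1',
			))->find();

			// find() yields no row for unknown credentials; stop before the
			// result is indexed. One message covers both causes, because a
			// single query cannot tell a wrong name from a wrong password.
			if(!is_array($val) || !isset($val['name'], $val['password'])) {
				$this->error('用户名或密码错误！');
				return;
			}

			// Re-check the row against the submitted values with strict
			// comparison (the database collation may match more loosely).
			$val['name'] = strtolower($val['name']);
			$val['password'] = strtolower($val['password']);
			if($name !== $val['name'] || $password !== $val['password']) {
				$this->error('用户名或密码错误！');
				return;
			}

			// Record the admin state.
			// NOTE(review): $val still contains the password hash; confirm that
			// set_admin_info() does not persist it to the session or a cookie.
			$this->admin_state($val['uid'], $val['name']);
			$this->set_admin_info($val['uid'], $val);

			// RBAC access-list loading is disabled; only the auth key is stored.
			Import('ORG.Util.RBAC');

			// NOTE(review): no session-id rotation is visible in this method.
			// Confirm admin_state() rotates it; otherwise call
			// session_regenerate_id(true) before writing the auth key.
			$_SESSION[C('USER_AUTH_KEY')] = $val['uid'];

			$this->success('登陆成功', $this->login_redirect_target());
		} else {
			$this->del_admin_state();
			$this->title = '后台登录';
			$this->display('login');
		}
	}

	/**
	 * Log out of the back office: clear the admin state and go to ROOT.
	 *
	 * @author  Midnight,  yangyunzhou@foxmail.com
	 */
	public function logout() {
		$this->del_admin_state();
		$this->success('成功退出',ROOT);
	}

	/**
	 * Validate the login form: captcha first, then non-empty user name and
	 * password. Each failure is reported through error().
	 *
	 * @author  Midnight,  yangyunzhou@foxmail.com
	 */
	private function check_login_form() {
		$expected = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
		$verify   = isset($_POST['verify']) ? $_POST['verify'] : null;
		$username = isset($_POST['username']) ? $_POST['username'] : null;
		$pass     = isset($_POST['password']) ? $_POST['password'] : null;

		// Strict comparison: with a loose != two different hex digests that both
		// look numeric (for example "0e..." forms) would compare as equal.
		// NOTE(review): the captcha value is not cleared after the check here;
		// confirm it is regenerated per attempt so it cannot be replayed.
		if(!is_string($expected) || !is_string($verify) || $expected !== md5($verify)) $this->error('验证码错误');
		elseif(!is_string($username) || trim($username) === '') $this->error('用户名不能为空');
		elseif(!is_string($pass) || trim($pass) === '') $this->error('密码不能为空');
	}

	/**
	 * Work out where to send the user after a successful login.
	 *
	 * The base64-encoded "referer" query parameter is honoured only when it
	 * decodes to a relative URL or to an http(s) URL on the host of the
	 * current request. Anything else falls back to the index page, so the
	 * login form cannot be used to bounce a user to another site.
	 *
	 * @return string redirect URL
	 */
	private function login_redirect_target() {
		$default = U('Index/index');
		if(empty($_GET['referer']) || !is_string($_GET['referer'])) return $default;

		$url = base64_decode($_GET['referer']);
		if(!is_string($url) || $url === '') return $default;

		// Refuse control characters and backslashes (parsed inconsistently by
		// browsers) and characters that would need HTML escaping -- the jump
		// page template is not visible here.
		if(preg_match('/[\x00-\x1f\x7f\\\\<>"\']/', $url)) return $default;

		$parts = parse_url($url);
		if($parts === false) return $default;

		// No scheme and no host: a path on this site.
		if(!isset($parts['scheme']) && !isset($parts['host'])) return $url;

		// Absolute or scheme-relative URL: only http(s) on the current host.
		if(isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) return $default;
		if(!isset($parts['host']) || empty($_SERVER['HTTP_HOST'])) return $default;

		$target = strtolower($parts['host']);
		if(isset($parts['port'])) $target .= ':' . $parts['port'];
		if($target !== strtolower($_SERVER['HTTP_HOST'])) return $default;

		return $url;
	}
}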